Description of problem: I am trying to test the proxied operations in 389 DS. For now, I have written a small script using UnboundID LDAP SDK [1]: ModifyRequest modifyRequest = new ModifyRequest("uid=XXXXXXXX,ou=People,o=XXXXXXXX,dc=XXXXXXXX,dc=XXXXXXXX", new Modification(ModificationType.REPLACE, "address", "Nueva dirección")); modifyRequest.addControl(new ProxiedAuthorizationV2RequestControl( "dn:" + proxiedUserEntry.getDN()) ); try { LDAPResult modifyResult = ldapConnectable.getConnection(session).modify(modifyRequest); // If we got here, then the modify was successful. } catch (LDAPException le) { System.out.println(le.getDiagnosticMessage() + " (" + le.getResultCode() + ")"); } Although I have not yet assigned any ACIS as described in [2], I supposed to get a denied response, not a protocol error as I get: unable to parse proxied authorization control (2 (protocol error)) This error is returned by the LDAP server, although it is not reported in the error LOG. [1] http://www.unboundid.com/products/ldapsdk/docs/javadoc/index.html [2] http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Managing_Access_Control-Access_Control_Usage_Examples.html#Access_Control_Usage_Examples-Proxied_Authorization_ACI_Example Version-Release number of selected component (if applicable): Tested in 1.2.5 How reproducible / Steps to Reproduce: Running the code below. Actual results: unable to parse proxied authorization control (2 (protocol error)) Expected results: An access denied in this case, as not applied any proxying configuration, or the actual proxied search result if configured.
Upstream ticket: https://fedorahosted.org/389/ticket/6
marking as screened because it has been cloned upstream
Fixed in 389-ds-base-1.2.10.rc1 now in Fedora/EPEL Testing